.vscode | ||
config | ||
conn | ||
device | ||
example_config | ||
ipc | ||
orderdmap | ||
path | ||
ratelimiter | ||
replay | ||
rwcancel | ||
tai64n | ||
tap | ||
.gitignore | ||
code_of_conduct.md | ||
go.mod | ||
govpp_remove_crcstring_check.patch | ||
LICENSE | ||
main_edge.go | ||
main_httpserver.go | ||
main_super.go | ||
main.go | ||
Makefile | ||
README_zh.md | ||
README.md | ||
version.go |
Etherguard
A Full Mesh Layer2 VPN based on wireguard-go
OSPF can find best route based on it's cost.
But sometimes the lentancy are different in the packet goes and back.
I'am thinking, is it possible to find the best route based on the single-way latency?
For example, I have two routes A and B at node N1, both of them can reach my node N2. A goes fast, but B backs fast.
My VPN can automatically send packet through route A at node N1, and the packet backs from route B.
Here is the solution. This VPN Etherguard
can collect all the single-way lentancy from all nodes, and calculate the best route using Floyd–Warshall algorithm.
Wirried about the clock not match so that the measure result are not correct? It doesn't matter, here is the proof (Mandarin): https://www.kskb.eu.org/2021/08/rootless-routerpart-3-etherguard.html
Usage
Usage of ./etherguard-go:
-bind string
UDP socket bind mode. [linux|std]
You may need std mode if tou want to run Etherguard under WSL. (default "linux")
-config string
Config path.
-example
Print example config
-help
Show this help
-mode string
Running mode. [super|edge|solve]
-no-uapi
Do not use UAPI
With UAPI, you can check etherguard status by `wg` command
-version
Show version
Mode
- Static Mode: Similar to origional wireguard. Introduction.
- Super Mode: Inspired byn2n. Introduction.
- P2P Mode: Inspired bytinc. Introduction.
Common Config Paramater
Edge Config
interface
itype
: Interface type.dummy
: Dymmy interface, drop any packet received. You need this if you want to setup it as a relay node.stdio
: Wrtie to stdout,read from stdin.
Paramaters:macaddrprefix
,l2headermode
udpsock
: Write to an udp socket, and read from an net assress.
Paramaters:macaddrprefix
,recvaddr
,sendaddr
vpp
: Integrate to VPP by libmemif.
Paramaters:name
,vppifaceid
,vppbridgeid
,macaddrprefix
,mtu
tap
: Read/Write to tap device from linux.
Paramaters:name
,macaddrprefix
,vppifaceid
,mtu
name
: Device namevppifaceid
: Interface ID。Muse be unique in same VPP runtimevppbridgeid
: VPP Bridge ID. Fill 0 if you don't use it.macaddrprefix
: Mac address Prefix.
Real Mac address=[Prefix]:[NodeID].
If you fill full mac address here, NodeID will be ignored.recvaddr
: Listen address forudpsock
modesendaddr
: Packet send address forudpsock
model2headermode
: For debug usage,stdio
andudpsock
mode onlynochg
: Do not change anything.kbdbg
: Keyboard debug mode.
Let me construct Layer 2 header by ascii character only.
So that I can track the packet flow withloglevel
option.noL2
: Remove all Layer 2 header, all boardcast
nodeid
: NodeID. Must be unique in the whole Etherguard network.nodename
: Node Name.defaultttl
: Default TTL(etherguard layer. not affect ethernet layer)privkey
: Private key. Same spec as wireguard.listenport
: UDP lesten portloglevel
: Log Levelloglevel
:debug
,error
,slient
for wirefuard logger.logtransit
: Log packets that neither the source or distenation is self.logcontrol
: Log for all Control Message.lognormal
: Log packets that either the source or distenation is self.logntp
: NTP related logs.
dynamicroute
: Log for dynamic route.sendpinginterval
: SendPing
intervaldupchecktimeout
: Duplication chack timeout.conntimeout
: Connection timeout.savenewpeers
: Save peer info to local file.supernode
: See Super Modep2p
See P2P Modentpconfig
: NTP related settingsusentp
: USE NTP or not.maxserveruse
: How many NTP servers should we use at once.
First time we will measure lentancy for all NTP server, next time it will use only fastest server.synctimeinterval
: NTP sync interval.ntptimeout
: NTP timeoutservers
: NTP server list
nexthoptable
: Nexthop table。Only static mode use it. See Static Moderesetconninterval
: Reset the endpoint for peers. You may need this if that peer use DDNS.peers
: Peer info.nodeid
: Node ID.pubkey
: Public key.pskey
: Preshared key. Not implement yet.endpoint
: Peer enddpoint. Will be overwrite if the peer roaming unless static=true.static
: Do not overwrite by roaming and reset the connection everyresetconninterval
seconds.
Super config
See Super Mode.
Build
No-vpp version
Build Etherguard.
Install Go 1.16
add-apt-repository ppa:longsleep/golang-backports
apt-get -y update
apt-get install -y wireguard-tools golang-go build-essential git
Build
make
VPP version
Build Etherguard with VPP integrated.
You need libmemif.so installed to run this version.
Install VPP and libemif
echo "deb [trusted=yes] https://packagecloud.io/fdio/release/ubuntu focal main" > /etc/apt/sources.list.d/99fd.io.list
curl -L https://packagecloud.io/fdio/release/gpgkey | sudo apt-key add -
apt-get -y update
apt-get install -y vpp vpp-plugin-core python3-vpp-api vpp-dbg vpp-dev libmemif libmemif-dev
Build
make vpp